Weekly Intelligence Summaries

Quointelligence is analyzing the use of Follina vulnerability in the campaign targeting entities in Ukraine reported by the CERT-UA, allegedly associated with the APT28 cluster

Quointelligence is analyzing the use of Follina vulnerability in the campaign targeting entities in Ukraine reported by the CERT-UA, allegedly associated with the APT28 cluster

We analyzed the encryption software samples used in HelloXD’s Ransomware operation and provide an update of the latest legislation regarding US and EU cybersecurity controls.

This week we provide analysis into IndustrialSpy and their encryption software, which they recently leveraged in cyber operations.

Quointelligence reported on the Gamaredon group activity characterized by the use of SFX archives to deliver #malware. In this weekly, we continue to cover developments of related activity, which enabled us to map the infrastructure used and establish a pattern of behavior.

Quointelligence reported on the Gamaredon group activity characterized by the use of SFX archives to deliver #malware. In this weekly, we continue to cover developments of related activity, which enabled us to map the infrastructure used and establish a pattern of behavior.

In this Weekly we report on how a threat actor, possibly Russian, is targeting users in Germany by using information on the war in Ukraine as a lure. We also look at how international co-operation on cybersecurity is increasing as a result of the Ukraine conflict. Meanwhile, the increasing isolation of Russia through international sanctions could impact the global IT threat landscape, with emphasis on semiconductors and products using them.

In this weekly we investigate the emerging threat of NodePacketManager (NPM) becoming an attack vector for supply chains and the rising trend of extortion groups targeting companies without using ransomware. In terms of the war in Ukraine, we have escalated our cyber threat level from MEDIUM to HIGH due to extremely targeted hacktivist activity against entities operating in NATO countries.

QuoIntelligence is tracking a campaign where the threat actors are using the remote template injection to deliver an espionage implant targeting Russian entities. Researchers allege that the campaign in question is attributed to Chinese nation-state actors. We continue our Ukraine war Geopolitics and Cyber coverage. Since organizations increased their monitoring of Russian APTs, other threat actors are likely to leverage the void and increase their activities, as we have observed with Chinese-sponsored threat actors over the last weeks.